diff options
author | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2010-01-15 19:40:30 +0000 |
---|---|---|
committer | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2010-01-15 19:40:30 +0000 |
commit | 050d499f8136d711a2fb4856adc3083c61b5b12f (patch) | |
tree | 142b2bf21cd22f8003728e49093e5aa401adb598 | |
parent | e3830cd53bab8bc87e07fd852522bf892a03db36 (diff) | |
download | mocca-050d499f8136d711a2fb4856adc3083c61b5b12f.tar.gz mocca-050d499f8136d711a2fb4856adc3083c61b5b12f.tar.bz2 mocca-050d499f8136d711a2fb4856adc3083c61b5b12f.zip |
mocca security policy
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@573 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
-rw-r--r-- | BKUOnline/src/main/policy/50mocca.policy | 111 | ||||
-rw-r--r-- | BKUOnline/src/main/resources/log4j.properties | 4 |
2 files changed, 57 insertions, 58 deletions
diff --git a/BKUOnline/src/main/policy/50mocca.policy b/BKUOnline/src/main/policy/50mocca.policy index fc14f825..2d6bc13d 100644 --- a/BKUOnline/src/main/policy/50mocca.policy +++ b/BKUOnline/src/main/policy/50mocca.policy @@ -18,15 +18,17 @@ // || IMPORTANT: REVIEW AND ADAPT TO YOUR NEEDS PRIOR TO INSTALLATION // ========================================================================= // +// (set -Djava.security.debug=access,failure and search for "FAILED") +// // // ========== MOCCA CODE PERMISSIONS ======================================= // -// replace /home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT +// replace ${catalina.base}/webapps/bkuonline // with ${catalina.base}/webapps/<mocca_context> -// replace /usr/share/java/xercesImpl.jar -// with <path_to_endorsed_xerces> (if not in jre/lib/endorsed) -// replace ${catalina.base}/work/Catalina/localhost/_ +// replace ${catalina.base}/work/Catalina/localhost/bkuonline // with ${catalina.base}/work/Catalina/localhost/<mocca_context> (the path to the compiled JSPs, excl. package dir: org/apache/jsp/) +// replace version info in utils-1.2.10.jar and bkucommon-1.2.10.jar +// with current version // replace apps.egiz.gv.at // with <DataURL_host:DataURL_port> // replace localhost:8080 @@ -46,17 +48,17 @@ // grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/logging.properties", "read"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/logging.properties", "read"; }; -grant codeBase "file:${catalina.base}/work/Catalina/localhost/_" { +grant codeBase "file:${catalina.base}/work/Catalina/localhost/bkuonline" { permission java.io.FilePermission "/helpfiles/-", "read"; permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime"; }; // =========== MOCCA grants // -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/-" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/classes/-" { permission java.security.AllPermission; // permission java.io.FilePermission "${catalina.base}/logs", "read, write"; // permission java.io.FilePermission "${catalina.base}/logs/*", "read, write"; @@ -65,7 +67,7 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. // permission java.util.PropertyPermission "com.sun.xml.ws.transport.http.HttpAdapter.dump", "write"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/-" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/-" { // the log4j configuration might want to write logs to ${catalina.base}/logs/bkuonline.log permission java.io.FilePermission "${catalina.base}/logs", "read, write"; permission java.io.FilePermission "${catalina.base}/logs/*", "read, write"; @@ -73,28 +75,27 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/utils-1.1.2-SNAPSHOT.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/utils-1.2.10.jar" { permission java.util.PropertyPermission "*", "read"; permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve"; permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve"; - permission java.net.SocketPermission "localhost:8080", "connect, resolve"; +// permission java.net.SocketPermission "localhost:8080", "connect, resolve"; permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/bkucommon-1.1.2-SNAPSHOT.jar" { - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete"; - permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read"; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.2.10.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; permission java.io.FilePermission "../conf/secret.xml", "read"; permission java.net.SocketPermission "apps.egiz.gv.at:443", "connect, resolve"; permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve"; permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve"; permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve"; permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve"; - permission java.net.SocketPermission "localhost:8080", "connect, resolve"; +// permission java.net.SocketPermission "localhost:8080", "connect, resolve"; permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; permission java.net.NetPermission "specifyStreamHandler"; permission java.util.PropertyPermission "*", "read, write"; @@ -118,7 +119,7 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" { permission java.util.PropertyPermission "*", "read, write"; permission java.security.SecurityPermission "insertProvider.IAIK"; permission java.security.SecurityPermission "putProviderProperty.IAIK"; @@ -127,13 +128,12 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/iaik_ecc_signed-2.15.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_ecc_signed-2.15.jar" { permission java.security.SecurityPermission "insertProvider.IAIK_ECC"; permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/iaik_xsect-1.14.jar" { - permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read"; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_xsect-1.14.jar" { permission java.util.PropertyPermission "*", "read, write"; permission java.security.SecurityPermission "insertProvider.IAIK"; permission java.security.SecurityPermission "putProviderProperty.IAIK"; @@ -144,10 +144,10 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.security.SecurityPermission "removeProvider.XMLDSig"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/iaik_pki-1.0-MOCCA.jar" { - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete"; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_pki-1.0-MOCCA.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve"; permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve"; permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve"; @@ -155,38 +155,40 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar" { permission java.io.FilePermission "${java.home}/lib/xalan.properties", "read"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "getClassLoader"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/serializer-2.7.1.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/serializer-2.7.1.jar" { permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "getClassLoader"; }; // allow xsl:include from the specified URL -grant codeBase "jar:file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" { +grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" { permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; }; // allow XSLT document function to reference the specified URL -grant codeBase "jar:file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" { +grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" { permission java.io.FilePermission "../conf/secret.xml", "read"; }; // use tomcat/jre endorsed xerces instead -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/xercesImpl-2.9.1.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xercesImpl-2.9.1.jar" { permission java.io.FilePermission "${java.home}/lib/xerces.properties", "read"; - permission java.io.FilePermission "../conf/secret.xml", "read"; - permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; +// permission java.io.FilePermission "../conf/secret.xml", "read"; +// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; permission java.util.PropertyPermission "*", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/commons-logging-1.1.1.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/commons-logging-1.1.1.jar" { permission java.util.PropertyPermission "org.apache.commons.logging.*", "read"; permission java.util.PropertyPermission "log4j.*", "read"; permission java.util.PropertyPermission "catalina.base", "read"; @@ -194,23 +196,22 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/log4j-1.2.12.jar" { - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/log4j.properties", "read"; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/log4j-1.2.12.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/log4j.properties", "read"; // allow log4j to read its own properties permission java.util.PropertyPermission "log4j.*", "read"; permission java.util.PropertyPermission "catalina.base", "read"; permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/spring-core-2.5.5.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-core-2.5.5.jar" { permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "modifyThread"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/spring-web-2.5.5.jar" { - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete"; - permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read"; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-web-2.5.5.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; permission java.security.SecurityPermission "insertProvider.IAIK"; permission java.security.SecurityPermission "putProviderProperty.IAIK"; permission java.security.SecurityPermission "removeProvider.IAIK"; @@ -230,11 +231,10 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/spring-beans-2.5.5.jar" { - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete"; - permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read"; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-beans-2.5.5.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; permission java.security.SecurityPermission "insertProvider.IAIK"; permission java.security.SecurityPermission "putProviderProperty.IAIK"; permission java.security.SecurityPermission "removeProvider.IAIK"; @@ -253,11 +253,10 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/spring-context-2.5.5.jar" { - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/-", "write"; - permission java.io.FilePermission "/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/classes/at/gv/egiz/bku/online/conf/certs/certStore/toBeAdded/-", "delete"; - permission java.io.FilePermission "/usr/share/java/xercesImpl.jar", "read"; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-context-2.5.5.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; permission java.security.SecurityPermission "insertProvider.IAIK"; permission java.security.SecurityPermission "putProviderProperty.IAIK"; permission java.security.SecurityPermission "removeProvider.IAIK"; @@ -278,7 +277,7 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/jaxws-rt-2.1.5.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxws-rt-2.1.5.jar" { // need write access to set disableCaptureStackTrace and HttpAdapter.dump permission java.util.PropertyPermission "com.sun.xml.ws.*", "read, write"; permission java.util.PropertyPermission "com.sun.xml.bind.*", "read"; @@ -302,19 +301,19 @@ grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1. permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/jaxb-impl-2.1.9.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxb-impl-2.1.9.jar" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read"; permission java.util.PropertyPermission "user.dir", "read"; }; -grant codeBase "file:/home/clemens/workspace/bku/BKUOnline/target/BKUOnline-1.1.2-SNAPSHOT/WEB-INF/lib/commons-httpclient-3.1.jar" { +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/commons-httpclient-3.1.jar" { permission java.util.PropertyPermission "*", "read"; }; // ======== NETBEANS -grant codeBase "file:${catalina.base}/nblib/-" { - permission java.security.AllPermission; -};
\ No newline at end of file +//grant codeBase "file:${catalina.base}/nblib/-" { +// permission java.security.AllPermission; +//};
\ No newline at end of file diff --git a/BKUOnline/src/main/resources/log4j.properties b/BKUOnline/src/main/resources/log4j.properties index 40133c83..d4a03fe7 100644 --- a/BKUOnline/src/main/resources/log4j.properties +++ b/BKUOnline/src/main/resources/log4j.properties @@ -15,8 +15,8 @@ #log4j.rootLogger=DEBUG, STDOUT, file -log4j.rootLogger=TRACE, file -#log4j.logger.at.gv = INFO +log4j.rootLogger=INFO, file +#log4j.logger.at.gv=TRACE # STDOUT appender |